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AMENDMENTS TO THE CLAIMS 

Upon entry of this amendment, the following listing of claims will replace all prior 
versions and listings of claims in the pending application. 

Please amend claims 4, 9-14, 18-19, 24, 26-29 and 32 and cancel claims 1-3 and 23 as follows: 

1. (Canceled). 

2. (Canceled). 

3. (Canceled). 

4. (Currently Amended) A method for isolating access by application programs to native 
resources provided by an operating system, the method comprising instructing a suitably 
programmed computer to perform the steps of; Tho method of claim 3 further comprising tho 

(a) redirecting to an isolation environment comprising a user isolation layer and an 
application isolation layer a request for a native resource provided by an operating system and 
stored in a memory element provided by a computer, the request made by a process executing on 
behalf of a first user; 

(b) failing to locate in the memory element an instance of the requested resource 
associated with a user isolation scope provided by the user isolation layer on behalf of a first 
user; 

(c) redirecting the request to the application isolation layer; 

(d) locating in the memory element an instance of the requested native resource 
associated with an application isolation scope provided by the application isolation layer; and 
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(e) responding to the request for the native resource using the instance of the requested 
native resource located in the memory element and associated with the application isolation 
scope. 

5. (Previously Presented) The method of claim 4 wherein step (e) comprises creating an instance 
of the requested native resource associated with the user isolation scope that corresponds to the 
instance of the requested native resource associated with the application isolation scope and 
responding to the request for the native resource using the created instance of the requested 
native resource associated with the user isolation scope. 

6. (Previously Presented) The method of claim 4 wherein step (d) comprises failing to locate an 
instance of the requested native resource in the memory element and associated with the 
application isolation scope. 

7. (Previously presented) The method of claim 6 wherein step (e) comprises responding to the 
request for the native resource using a system-scoped native resource. 

8. (Previously Presented) The method of claim 6 wherein step (e) comprises: 

creating an instance of the requested native resource associated with the user isolation scope that 
corresponds to the instance of the requested resource associated with a system scope and 
responding to the request for the native resource using the created instance of the resource 
associated with the user isolation scope. 
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9. (Currently Amended) The method of claim [[+]] 4 further comprising the step of hooking a 
request for a native resource made by a process executing on behalf of a first user. 



10. (Currently Amended) The method of claim [[4]] 4 further comprising the step of intercepting 
a request for a native resource made by a process executing on behalf of a first user. 

1 1 . (Currently Amended) A method for isolating access by application programs to native 
resources provided by an operating system, the method comprising instructing a suitably 
programmed computer to perform the steps of: The method of claim 1 further comprising the 

(a-1) intercepting by a file system filter driver a request for a file system native resource 
provided by an operating system and stored in a memory clement provided by a computer, the 
request made by a process executing on behalf of a first user; 

(a-2) redirecting to an isolation environment comprising a user isolation layer and an 
application isolation layer the request for the file system native resource; 

(b) locating in the memory element an instance of the requested resource associated with 
a user isolation scope provided by the user isolation layer on behalf of a first user; and 

(c) responding to the request for the native resource using the instance of the requested 
native resource located in the memory element and associated with the user isolation scope . 

12. (Currently Amended) A method for isolating access by application programs to native 
resources provided by an operating system, the method comprising instructing a suitably 
programmed computer to perform the steps of: The method of claim 1 wherein stop 
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(a) comprises redirecting to an isolation environment comprising a user isolation layer 
and an application isolation layer a request for a file stored in a memory element provided by a 
computer, the request made by a process executing on behalf of a first user; 

(b) locating in the memory element an instance of the requested resource associated with 
a user isolation scope provided by the user isolation layer on behalf of a first user; and 

(c) responding to the request for the native resource using the instance of the requested 
native resource located in the memory element and associated with the user isolation scope . 

13. (Currently Amended) A method for isolating access by application programs to native 
resources provided by an operating system, the method comprising instructing a suitably 
programmed computer to perform the steps of: Tho method of claim 1 whoroin stop 

(a) comprises redirecting to an isolation environment comprising a user isolation layer 
and an application isolation layer a request for a registry database entry stored in a memory 
element provided by a computer, the request made by a process executing on behalf of a first 
user; 

(b) locating in the memory element an instance of the requested resource associated with 
a user isolation scope provided by the user isolation layer on behalf of a first user; and 

(c) responding to the request for the native resource using the instance of the requested 
native resource located in the memory element and associated with the user isolation scope . 

14. (Currently Amended) A method for isolating access by application programs to native 
resources provided by an operating system, the method comprising instructing a suitably 
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programmed computer to perform the steps of: The method of claim 1 further comprising the 

(a) redirecting to an isolation environment comprising a user isolation layer and an 
application isolation layer a request for a native resource provided by an operating system and 
stored in a memory element provided by a computer, the request made by a process executing on 
behalf of a first user; 

(b) locating in the memory element an instance of the requested resource associated with 
a user isolation scope provided by the user isolation layer on behalf of a first user; 

(c) responding to the request for the native resource using the instance of the requested 
native resource located in the memory element and associated with the user isolation scope; 

(d) redirecting to the isolation environment a request for the native resource made by a 
second process executing on behalf of a second user; 

(e) locating in the memory element an instance of the requested native resource 
associated with a second user isolation scope provided by the user isolation layer on behalf of the 
second user; and 

(f) responding to the request for the native resource using the instance of the native 
resource located in the memory element and associated with the second user isolation scope. 

15. (Original) The method of claim 14 wherein the process executes concurrently on behalf of a 
first user and a second user. 

16. (Previously Presented) The method of claim 14 wherein step (e) comprises failing to locate 
an instance of the requested native resource associated with the second user isolation scope. 



4528519vl 



-6- 



Application No. 10/711,737 



Docket No. CTX-105US 



17. (Previously Presented) The method of claim 16 wherein step (f) comprises redirecting the 
request to the application isolation layer. 

18. (Currently Amended) The method of claim 17 further comprising the steps of: 

([[d]]g) locating in the memory element an instance of the requested native resource 
associated with an application isolation scope provided by the application isolation layer on 
behalf of an application; and 

([[e]]h) responding to the request for the native resource using the instance of the native 
resource associated with the application isolation scope. 

19. (Currently Amended) A method for isolating access by application programs to native 
resources provided by an operating system, the method comprising instructing a suitably 
programmed computer to perform the steps of: The method of claim 1 further comprising th e 

(a) redirecting to an isolation environment comprising a user isolation layer and an 
application isolation layer a request for a native resource provided by an operating system and 
stored in a memory element provided by a computer, the request made by a process executing on 
behalf of a first user; 

(b) locating in the memory element an instance of the requested resource associated with 
a user isolation scope provided by the user isolation layer on behalf of a first user; 

(c) responding to the request for the native resource using the instance of the requested 
native resource located in the memory element and associated with the user isolation scope; 
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(d) redirecting to the isolation environment a request for a native resource made by a 
second process executing on behalf of a first user; 

(e) locating in the memory element an instance of the requested native resource 
associated with the user isolation scope; and 

(f) responding to the request for the native resource using the instance of the resource 
located associated with the user isolation scope. 

20. (Previously Presented) The method of claim 19 wherein step (e) comprises failing to locate 
an instance of the requested native resource associated with the user isolation scope. 

21. (Previously Presented) The method of claim 20 wherein step (f) comprises redirecting the 
request to locate an instance of the native resource associated with a second application isolation 
scope provided by the application isolation layer on behalf of a second application. 

22. (Previously Presented) The method of claim 21 further comprising the steps of: 

(g) locating an instance of the requested native resource associated with the second 
application isolation scope; and 

(h) responding to the request for the native resource using the instance of the native 
resource associated with the second application isolation scope. 

23. (Canceled). 
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24. (Currently Amended) An apparatus for isolating access by application programs to native 
resources provided by an operating system, the apparatus comprising: The apparatus of claim 23 
further comprising 

computer-readable program means for associating an instance of a native resource 
provided by an operating system with a user isolation scope provided by an isolation 
environment comprising an application isolation layer and a user isolation layer, the user 
isolation scope corresponding to a user; 

computer-readable program means for associating an instance of a native resource with 
an application isolation scope provided by the isolation environment, the application isolation 
scope corresponding to an application ; and 

computer-readable program means for intercepting a request for a native resource made 
by a process executing on behalf of the user and redirecting the request to the instance of the 
resource associated with the user isolation scope . 

25. (Previously Presented) The apparatus of claim 24 wherein the computer-readable program 
means for associating an instance of a native resource with an application isolation scope further 
comprises means for associating an instance of the native resource with a second application 
isolation scope, the second isolation scope corresponding to a second application. 

26. (Currently Amended) The apparatus of claim [[24]] 24 wherein the computer-readable 
program means for intercepting a request returns a handle to the requesting process that identifies 
the native resource. 
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27. (Currently Amended) The apparatus of claim [[33-]] 24 further comprising computer-readable 
program means for specifying behavior for the computer-readable program means for 
intercepting a request when redirecting the request. 

28. (Currently Amended) The apparatus of claim [[23-]] 24 wherein the computer-readable 
program means for intercepting a request comprises a file system filter driver. 

29. (Currently Amended) The apparatus of claim [[24]] 24 wherein the computer-readable 
program means for intercepting a request comprises a function hooking mechanism. 

30. (Previously presented) The apparatus of claim 29 wherein the function hooking mechanism 
intercepts an operation selected from the group of file system operations, registry operations, 
operating system services, packing and installation services, named object operations, window 
operations, file-type association operations and Component Object Model (COM) server 
operations. 

31. (Canceled). 

32. (Currently Amended) An apparatus for isolating access by application programs to native 
resources provided by an operating system, the apparatus comprising: The apparatus of claim 23 

computer-readable program means fo r: (i) associating an instance of a native resource 
provided by an operating system w ith a user isolation scope provided by an isolation 
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environment comprising an application isolation layer and a user isolation layer, the user 
isolation scope corresponding to a user, and for (ii) further comprises moans for associating an 
instance of the native resource with a second user isolation scope, the second user isolation scope 
corresponding to a second use r; and 

computer-readable program means for intercepting a request for a native resource made 
by a process executing on behalf of the user and redirecting the request to the instance of the 
resource associated with the user isolation scope . 
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